GHSA-jxgm-9f58-w4xp

Suggest an improvement
Source
https://github.com/advisories/GHSA-jxgm-9f58-w4xp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-jxgm-9f58-w4xp/GHSA-jxgm-9f58-w4xp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jxgm-9f58-w4xp
Aliases
Published
2019-05-14T04:00:21Z
Modified
2023-11-08T04:00:31.602482Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Improper Input Validation in Apache Archiva
Details

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Database specific 
{
    "nvd_published_at": "2019-04-30T22:29:00Z",
    "github_reviewed_at": "2019-05-03T15:33:48Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Maven / org.apache.archiva:archiva

Package

Name
org.apache.archiva:archiva
View open source insights on deps.dev
Purl
pkg:maven/org.apache.archiva/archiva

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.4

Affected versions

2.*

2.2.0
2.2.1
2.2.3